On Tue, 2006-08-29 at 20:06 +0100, Alan Cox wrote:
> On Tue, 2006-08-29 at 10:30 -0700, Rohit Seth wrote:
> > On Tue, 2006-08-29 at 11:15 +0100, Alan Cox wrote:
> > > On Mon, 2006-08-28 at 15:28 -0700, Rohit Seth wrote:
> > > > Though if we have file/directory based accounting then shared pages
> > > > belonging to /usr/lib or /usr/bin can go to a common container.
> > >
> > > So that one user can map all the spare libraries and config files and
> > > DoS the system by preventing people from accessing the libraries they do
> > > need?
> > >
> >
> > Well, there is a risk whenever there is sharing across containers. The
> > point though is, give the choice to sysadmin to configure the platform
> > the way it is appropriate.
>
> In other words your suggestion doesn't actually work for the real world
> cases like web serving.
>

Containers are not going to solve all the problems, particularly the scenarios like when a machine is a web server and an odd user can log on to the same machine and (w/o any ulimits) claim all the memory that is present in the system.

Though it is quite possible to implement a combination of two (task and fs based) policies in containers, and the sysadmin can set a preference for each container. [This probably is another reason for having a per page container pointer.]